Virus problem - ComboFix log

System security, virus removal, choosing antivirus software. Mandatory logs in this section: three from FRST + Gmer.

Post by Exequter, 02 Apr 2009, 23:25

Hi, today I caught a certain virus (Satility.NAU) which was spreading quickly to other files - nod32 couldn't keep up with removing them. Later the virus blocked my Task Manager and broke Safe Mode (blue screen), but I dealt with that.
A moment ago I had to uninstall codecs, because .avi files were crashing Explorer :o
Please check the log:

Code:
ComboFix 09-04-01.01 - KubaPC 2009-04-02 23:12:56.2 - NTFSx86 MINIMAL
Microsoft Windows XP Professional  5.1.2600.3.1252.44.1045.18.3327.3059 [GMT 2:00]
Running from: c:\documents and settings\KubaPC\Pulpit\ComboFix.exe
AV: ESET NOD32 Antivirus 3.0 *On-access scanning disabled* (Updated)
.

(((((((((((((((((((((((((((((((((((((((   Other Deletions   )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\docume~1\KubaPC\USTAWI~1\Temp\E_4
c:\docume~1\KubaPC\USTAWI~1\Temp\E_4\eWinSock.fne
c:\docume~1\KubaPC\USTAWI~1\Temp\E_4\krnln.fne
c:\docume~1\KubaPC\USTAWI~1\Temp\E_4\krnln.fnr
c:\docume~1\KubaPC\USTAWI~1\Temp\E_4\xplib.fne
c:\docume~1\KubaPC\USTAWI~1\Temp\E_N4
c:\docume~1\KubaPC\USTAWI~1\Temp\E_N4\eWinSock.fne
c:\docume~1\KubaPC\USTAWI~1\Temp\E_N4\krnln.fnr
c:\docume~1\KubaPC\USTAWI~1\Temp\E_N4\odbcdb.run
c:\documents and settings\All Users\Dane aplikacji\Microsoft\Network\Downloader\qmgr0.dat
c:\documents and settings\All Users\Dane aplikacji\Microsoft\Network\Downloader\qmgr1.dat
D:\Autorun.inf

----- BITS: Possible infected sites -----

hxxp://www.hhdsoftware.com
.
(((((((((((((((((((((((((((((((((((((((   Drivers/Services   )))))))))))))))))))))))))))))))))))))))))))))))))
.

-------\Legacy_XPROTECTOR
-------\Service_XPROTECTOR


(((((((((((((((((((((((((   Files Created from 2009-03-02 to 2009-04-02  )))))))))))))))))))))))))))))))
.

2009-04-02 22:30 . 2009-04-02 22:30   <DIR>   d--------   c:\program files\CCleaner
2009-04-02 22:21 . 2009-04-02 22:21   <DIR>   d--------   c:\documents and settings\Administrator\Dane aplikacji\Malwarebytes
2009-04-02 22:20 . 2008-10-22 22:36   <DIR>   d--h-----   c:\documents and settings\Administrator\Ustawienia lokalne
2009-04-02 22:20 . 2008-10-22 22:36   <DIR>   d--------   c:\documents and settings\Administrator\Ulubione
2009-04-02 22:20 . 2008-10-22 20:48   <DIR>   d--h-----   c:\documents and settings\Administrator\Szablony
2009-04-02 22:20 . 2008-10-22 22:36   <DIR>   d--------   c:\documents and settings\Administrator\Pulpit
2009-04-02 22:20 . 2008-10-22 22:36   <DIR>   d--------   c:\documents and settings\Administrator\Moje dokumenty
2009-04-02 22:20 . 2008-10-22 22:36   <DIR>   dr-------   c:\documents and settings\Administrator\Menu Start
2009-04-02 22:20 . 2009-04-02 22:21   <DIR>   dr-h-----   c:\documents and settings\Administrator\Dane aplikacji
2009-04-02 22:20 . 2009-04-02 22:20   <DIR>   d--------   c:\documents and settings\Administrator
2009-04-02 21:31 . 2009-04-02 21:59   <DIR>   d--------   c:\program files\SUPERAntiSpyware
2009-04-02 21:31 . 2009-04-02 21:31   <DIR>   d--------   c:\documents and settings\KubaPC\Dane aplikacji\SUPERAntiSpyware.com
2009-04-02 21:31 . 2009-04-02 21:31   <DIR>   d--------   c:\documents and settings\All Users\Dane aplikacji\SUPERAntiSpyware.com
2009-04-02 20:50 . 2009-04-02 20:50   <DIR>   d--------   c:\program files\Malwarebytes' Anti-Malware
2009-04-02 20:50 . 2009-04-02 20:50   <DIR>   d--------   c:\documents and settings\KubaPC\Dane aplikacji\Malwarebytes
2009-04-02 20:50 . 2009-04-02 20:50   <DIR>   d--------   c:\documents and settings\All Users\Dane aplikacji\Malwarebytes
2009-04-02 20:50 . 2009-03-26 16:49   38,496   --a------   c:\windows\system32\drivers\mbamswissarmy.sys
2009-04-02 20:50 . 2009-03-26 16:49   15,504   --a------   c:\windows\system32\drivers\mbam.sys
2009-03-27 20:45 . 2009-03-27 23:32   <DIR>   d--------   c:\program files\CamStudio
2009-03-22 15:25 . 2009-03-23 14:58   <DIR>   d--------   c:\program files\ElcomSoft
2009-03-22 15:25 . 2009-03-22 15:27   956   --a------   c:\windows\ARPR.INI
2009-03-21 00:25 . 2009-03-21 00:25   41,808   --a------   c:\windows\system32\xfcodec.dll
2009-03-12 23:51 . 2009-03-12 23:51   <DIR>   d--------   c:\documents and settings\KubaPC\dwhelper
2009-03-08 21:20 . 2009-03-08 21:20   <DIR>   d--------   c:\documents and settings\KubaPC\Dane aplikacji\TeamViewer
2009-03-08 21:19 . 2009-03-08 21:19   <DIR>   d--------   c:\program files\TeamViewer
2009-03-08 21:19 . 2009-03-08 21:19   <DIR>   d--------   c:\documents and settings\KubaPC\temp
2009-03-05 15:17 . 2009-03-28 01:48   <DIR>   d--------   c:\documents and settings\KubaPC\Dane aplikacji\Xfire
2009-03-04 22:05 . 2009-03-05 23:09   <DIR>   d--------   c:\windows\system32\Adobe

.
((((((((((((((((((((((((((((((((((((((((   Find3M Report   ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-04-02 19:30   ---------   d-----w   c:\program files\Common Files\Wise Installation Wizard
2009-04-02 18:37   ---------   d-----w   c:\program files\Hamachi
2009-04-02 18:35   ---------   d-----w   c:\program files\MuAnalyser
2009-04-02 12:43   3,584   ----a-w   c:\windows\EAddress.dll
2009-03-27 13:15   ---------   d-----w   c:\documents and settings\KubaPC\Dane aplikacji\Hamachi
2009-03-14 12:12   ---------   d--h--w   c:\program files\InstallShield Installation Information
2009-03-07 16:23   ---------   d-----w   c:\program files\Burn4Free
2009-03-05 13:14   ---------   d-----w   c:\program files\Xfire
2009-02-28 21:24   ---------   d-----w   c:\documents and settings\KubaPC\Dane aplikacji\FileZilla
2009-02-28 16:32   ---------   d-----w   c:\documents and settings\KubaPC\Dane aplikacji\gtk-2.0
2009-02-26 21:58   ---------   d-----w   c:\documents and settings\KubaPC\Dane aplikacji\teamspeak2
2009-02-08 00:25   ---------   d-----w   c:\program files\PFConfig
2009-01-09 15:19   31   ----a-w   c:\documents and settings\KubaPC\jagex_runescape_preferences.dat
.

(((((((((((((((((((((((((((((((((((((   Reg Loading Points   ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"WhatPulse"="c:\program files\WhatPulse\WhatPulse.exe" [2006-08-21 665600]
"RGSC"="d:\program files\Rockstar Games\Rockstar Games Social Club\RGSCLauncher.exe" [2008-12-14 306088]
"SUPERAntiSpyware"="c:\program files\SUPERAntiSpyware\SUPERAntiSpyware.exe" [2009-03-23 1830128]
"AlcoholAutomount"="c:\program files\Alcohol Soft\Alcohol 120\axcmd.exe" [2008-11-23 203720]
"ALLUpdate"="c:\program files\ALLPlayer\ALLUpdate.exe" [2008-11-24 869888]
"DAEMON Tools Lite"="c:\program files\DAEMON Tools Lite\daemon.exe" [2008-07-24 490952]
"Skype"="c:\program files\Skype\Phone\Skype.exe" [2008-11-18 21633320]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"egui"="c:\program files\ESET\ESET NOD32 Antivirus\egui.exe" [2007-11-23 1410304]
"StartCCC"="c:\program files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2008-08-29 61440]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2007-05-11 40048]
"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2008-12-26 136600]
"RTHDCPL"="RTHDCPL.EXE" [2008-05-16 c:\windows\RTHDCPL.exe]

c:\documents and settings\All Users\Menu Start\Programy\Autostart\
Service Manager.lnk - c:\program files\Microsoft SQL Server\80\Tools\Binn\sqlmangr.exe [2008-10-22 69632]

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= "c:\program files\SUPERAntiSpyware\SASSEH.DLL" [2008-05-13 77824]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
2008-12-22 12:05 356352 c:\program files\SUPERAntiSpyware\SASWINLO.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"VIDC.XFR1"= xfcodec.dll

[HKLM\~\startupfolder\C:^Documents and Settings^KubaPC^Menu Start^Programy^Autostart^No-IP DUC.lnk]
path=c:\documents and settings\KubaPC\Menu Start\Programy\Autostart\No-IP DUC.lnk
backup=c:\windows\pss\No-IP DUC.lnkStartup

[HKLM\~\startupfolder\C:^Documents and Settings^KubaPC^Menu Start^Programy^Autostart^Yahoo! Widget Engine.lnk]
path=c:\documents and settings\KubaPC\Menu Start\Programy\Autostart\Yahoo! Widget Engine.lnk
backup=c:\windows\pss\Yahoo! Widget Engine.lnkStartup

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusOverride"=dword:00000001
"FirewallOverride"=dword:00000001
"UacDisableNotify"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Svc]
"AntiVirusOverride"=dword:00000001
"AntiVirusDisableNotify"=dword:00000001
"FirewallDisableNotify"=dword:00000001
"FirewallOverride"=dword:00000001
"UpdatesDisableNotify"=dword:00000001
"UacDisableNotify"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"%windir%\\system32\\sessmgr.exe"=
"d:\\muserver\\JoinServer\\JoinServer.exe"=
"d:\\muserver\\DataServer1\\DataServer.exe"=
"d:\\muserver\\DataServer2\\DataServer.exe"=
"d:\\muserver\\ExDB\\ExDB.exe"=
"d:\\muserver\\ChatServer\\ChatServer.exe"=
"d:\\muserver\\GameServer\\Gameserver.exe"=
"c:\\Program Files\\BitTorrent\\bittorrent.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqscnvw.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqkygrp.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqnrs08.exe"=
"d:\\Program Files\\Rockstar Games\\Rockstar Games Social Club\\RGSCLauncher.exe"=
"d:\\Program Files\\Rockstar Games\\Grand Theft Auto IV\\LaunchGTAIV.exe"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=
"c:\\Program Files\\ESET\\ESET NOD32 Antivirus\\egui.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"44405:TCP"= 44405:TCP:44405tcp
"44405:UDP"= 44405:UDP:44405udp

R1 epfwtdir;epfwtdir;c:\windows\system32\drivers\epfwtdir.sys [2007-11-23 30728]
R1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\sasdifsv.sys [2009-03-23 9968]
R1 SASKUTIL;SASKUTIL;c:\program files\SUPERAntiSpyware\SASKUTIL.SYS [2009-03-23 72944]
R2 Apache2.2;Apache2.2;d:\xampp\apache\bin\apache.exe [2008-06-14 17408]
R2 ekrn;Eset Service;c:\program files\ESET\ESET NOD32 Antivirus\ekrn.exe [2007-11-23 455936]
R3 L1e;Miniport Driver for Atheros AR8121/AR8113 PCI-E Ethernet Controller;c:\windows\system32\drivers\l1e51x86.sys [2008-11-14 36864]
R3 SASENUM;SASENUM;c:\program files\SUPERAntiSpyware\SASENUM.SYS [2009-03-23 7408]
S1 ntiomin;ntiomin; [x]
S2 XAMPP;XAMPP Service;d:\xampp\service.exe [2007-12-21 60928]
S3 abp470n5;abp470n5;\??\c:\windows\system32\drivers\fnohnh.sys --> c:\windows\system32\drivers\fnohnh.sys [?]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\D]
\Shell\AutoRun\command - setupSNK.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{a71d482f-0a6a-11de-bddd-002215562770}]
\Shell\AutoRun\command - SYSTEM\S-1-5-21-1482476501-1644491937-682003330-1013\system32.exe
\Shell\open\command - SYSTEM\S-1-5-21-1482476501-1644491937-682003330-1013\system32.exe
.
- - - - ORPHANS REMOVED - - - -

BHO-{D187A56B-A33F-4CBE-9D77-459FC0BAE012} - (no file)
HKLM-Run-SmcService - d:\progra~1\Sygate\SPF\smc.exe
HKLM-Run-WebServ - d:\program files\WebServ\WebServ.exe


.
------- Supplementary Scan -------
.
uStart Page = about:blank
mStart Page = about:blank
uInternet Connection Wizard,ShellNext = iexplore
IE: Download All by FlashGet - c:\program files\FlashGet\jc_all.htm
IE: Download using FlashGet - c:\program files\FlashGet\jc_link.htm
IE: E&ksport do programu Microsoft Excel - c:\progra~1\MICROS~3\OFFICE11\EXCEL.EXE/3000
FF - ProfilePath - c:\documents and settings\KubaPC\Dane aplikacji\Mozilla\Firefox\Profiles\edsnbcq4.default\
FF - prefs.js: browser.search.selectedEngine - DAEMON Search
FF - component: c:\program files\Mozilla Firefox\extensions\{B13721C7-F507-4982-B2E5-502A71474FED}\components\NPComponent.dll
FF - plugin: c:\documents and settings\KubaPC\Dane aplikacji\Mozilla\Firefox\Profiles\edsnbcq4.default\extensions\NPDyyno@dyyno.com\plugins\npDyyno.dll
FF - plugin: c:\program files\Dyyno\Dyyno Player\npvlc.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\npbittorrent.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\npganymedenet.dll
.

**************************************************************************

catchme 0.3.1375 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-04-02 23:17:02
Windows 5.1.2600 Dodatek Service Pack 3 NTFS

scanning hidden processes ... 

scanning hidden autostart entries ...

scanning hidden files ... 

scan completed successfully
hidden files: 0

**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------

[HKEY_USERS\S-1-5-21-790525478-329068152-1801674531-1003\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\{9E1B846C-093E-99BE-CCDC-C57548F92A1E}*]
@Allowed: (Read) (RestrictedCode)
@Allowed: (Read) (RestrictedCode)
"abgkimmkdnlpoibmokffahoplajonnimek"=hex:61,61,00,00
"bbgkimmkdnlpoibmokkddgeplaggibkkjdkl"=hex:61,61,00,00

[HKEY_USERS\S-1-5-21-790525478-329068152-1801674531-1003\Software\SecuROM\License information*]
"datasecu"=hex:86,f8,1c,ec,b1,47,ee,f2,d7,65,4f,a1,87,12,50,8e,6c,19,ec,c9,a4,
   15,7b,50,a7,0c,09,fd,cc,4f,b7,17,7e,88,bd,15,da,f7,c5,5f,b7,ea,8f,a0,ff,83,\
"rkeysecu"=hex:0c,b1,15,9c,dd,c9,68,14,62,b4,7c,a1,aa,54,78,56
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'winlogon.exe'(884)
c:\program files\SUPERAntiSpyware\SASWINLO.dll
c:\windows\system32\Ati2evxx.dll
.
------------------------ Other Running Processes ------------------------
.
c:\windows\system32\ati2evxx.exe
c:\windows\system32\ati2evxx.exe
c:\program files\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
c:\program files\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
c:\program files\Java\jre6\bin\jqs.exe
c:\progra~1\MICROS~2\MSSQL\Binn\sqlservr.exe
c:\windows\system32\HPZipm12.exe
c:\windows\system32\PnkBstrA.exe
c:\program files\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe
d:\program files\RealVNC\VNC4\winvnc4.exe
c:\progra~1\MICROS~2\MSSQL\Binn\sqlagent.exe
c:\windows\system32\wscntfy.exe
.
**************************************************************************
.
Completion time: 2009-04-02 23:18:00 - machine was rebooted [KubaPC]
ComboFix-quarantined-files.txt  2009-04-02 21:17:57

Pre-Run: 10,046,746,624 bytes free
Post-Run: 10,842,472,448 bytes free




And here is the one from HijackThis
Code:
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 23:26:37, on 2009-04-02
Platform: Windows XP Dodatek SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP3 (6.00.2900.5512)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
C:\Program Files\WhatPulse\WhatPulse.exe
C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
C:\Program Files\Microsoft SQL Server\80\Tools\Binn\sqlmangr.exe
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\ccc.exe
D:\xampp\apache\bin\apache.exe
C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\PROGRA~1\MICROS~2\MSSQL\binn\sqlservr.exe
D:\xampp\apache\bin\apache.exe
C:\WINDOWS\system32\HPZipm12.exe
C:\WINDOWS\system32\PnkBstrA.exe
C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe
C:\WINDOWS\system32\svchost.exe
D:\Program Files\RealVNC\VNC4\WinVNC4.exe
C:\PROGRA~1\MICROS~2\MSSQL\binn\sqlagent.exe
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\system32\notepad.exe
C:\WINDOWS\explorer.exe
C:\Program Files\Mozilla Firefox\firefox.exe
D:\Program Files\Gadu-Gadu\gg.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Lacza
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O4 - HKLM\..\Run: [egui] "C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe" /hide /waitservice
O4 - HKLM\..\Run: [StartCCC] "C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] ; "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [RTHDCPL] ; RTHDCPL.EXE
O4 - HKLM\..\Run: [SunJavaUpdateSched] ; "C:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKCU\..\Run: [WhatPulse] C:\Program Files\WhatPulse\WhatPulse.exe
O4 - HKCU\..\Run: [RGSC] ; D:\Program Files\Rockstar Games\Rockstar Games Social Club\RGSCLauncher.exe /silent
O4 - HKCU\..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
O4 - HKCU\..\Run: [AlcoholAutomount] ; "C:\Program Files\Alcohol Soft\Alcohol 120\axcmd.exe" /automount
O4 - HKCU\..\Run: [ALLUpdate] ; "C:\Program Files\ALLPlayer\ALLUpdate.exe" "sleep"
O4 - HKCU\..\Run: [DAEMON Tools Lite] ; "C:\Program Files\DAEMON Tools Lite\daemon.exe" -autorun
O4 - HKCU\..\Run: [Skype] ; "C:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized
O4 - Global Startup: Service Manager.lnk = C:\Program Files\Microsoft SQL Server\80\Tools\Binn\sqlmangr.exe
O8 - Extra context menu item: Download All by FlashGet - C:\Program Files\FlashGet\jc_all.htm
O8 - Extra context menu item: Download using FlashGet - C:\Program Files\FlashGet\jc_link.htm
O8 - Extra context menu item: E&ksport do programu Microsoft Excel - res://C:\PROGRA~1\MICROS~3\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - C:\PROGRA~1\FlashGet\flashget.exe
O9 - Extra 'Tools' menuitem: &FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - C:\PROGRA~1\FlashGet\flashget.exe
O10 - Unknown file in Winsock LSP: c:\windows\system32\nwprovau.dll
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll
O23 - Service: Apache2.2 - Apache Software Foundation - D:\xampp\apache\bin\apache.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe
O23 - Service: Eset HTTP Server (EhttpSrv) - Unknown owner - C:\Program Files\ESET\ESET NOD32 Antivirus\EHttpSrv.exe
O23 - Service: Eset Service (ekrn) - ESET - C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: PnkBstrA - Unknown owner - C:\WINDOWS\system32\PnkBstrA.exe
O23 - Service: StarWind AE Service (StarWindServiceAE) - Rocket Division Software - C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe
O23 - Service: VNC Server Version 4 (WinVNC4) - RealVNC Ltd. - D:\Program Files\RealVNC\VNC4\WinVNC4.exe
O23 - Service: XAMPP Service (XAMPP) - Unknown owner - D:\xampp\service.exe

--
End of file - 5844 bytes
Exequter
~user
Posts: 1
Joined: 02 Apr 2009, 23:20
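As a worked example, added here and not part of the original thread, the Python script below walks a ComboFix log and flags the indicator classes that are visible in the log posted above: the removed D:\Autorun.inf, Security Center override values forced to 1, the firewall profile with EnableFirewall = 0, service/driver entries whose binary ComboFix marked missing ([x] / [?]), and the per-volume AutoRun/open handlers under mountpoints2. The function names are mine; the embedded sample is an excerpt copied from the posted log so the script runs offline. To use it on a real case, pass the contents of ComboFix.txt to triage().

```python
"""Triage helper for ComboFix-style logs: flags host-tampering indicators
(Security Center overrides, disabled firewall, drivers whose file is missing,
removed Autorun.inf files and per-volume AutoRun handlers)."""
import re

# Constructed excerpt: these lines are copied from the ComboFix log posted above.
SAMPLE_LOG = r"""
D:\Autorun.inf
[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusOverride"=dword:00000001
"FirewallOverride"=dword:00000001
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
R2 ekrn;Eset Service;c:\program files\ESET\ESET NOD32 Antivirus\ekrn.exe [2007-11-23 455936]
S1 ntiomin;ntiomin; [x]
S3 abp470n5;abp470n5;\??\c:\windows\system32\drivers\fnohnh.sys --> c:\windows\system32\drivers\fnohnh.sys [?]
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\D]
\Shell\AutoRun\command - setupSNK.exe
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{a71d482f-0a6a-11de-bddd-002215562770}]
\Shell\AutoRun\command - SYSTEM\S-1-5-21-1482476501-1644491937-682003330-1013\system32.exe
\Shell\open\command - SYSTEM\S-1-5-21-1482476501-1644491937-682003330-1013\system32.exe
"""

SECTION_RE = re.compile(r"^\[(?P<key>.+)\]$")                      # [registry key] headers
DWORD_RE = re.compile(r'^"(?P<name>[^"]+)"=dword:(?P<value>[0-9a-fA-F]{8})$')
SERVICE_RE = re.compile(r"^[RS][0-4] (?P<name>[^;]+);(?P<display>[^;]*);(?P<rest>.*)$")
SHELL_CMD_RE = re.compile(r"^\\shell\\(?P<verb>[^\\]+)\\command - (?P<target>.+)$", re.IGNORECASE)


def triage(log_text):
    """Return a dict of indicator hits found in a ComboFix log (function name is mine)."""
    findings = {
        "autorun_inf_deleted": [],        # Autorun.inf files ComboFix removed
        "security_center_overrides": [],  # WSC values forced to 1 (alerts suppressed)
        "firewall_disabled": False,       # EnableFirewall = 0 in the standard profile
        "orphan_drivers": [],             # services whose binary is missing ([x] / [?])
        "autorun_handlers": [],           # (volume, verb, target) from mountpoints2
    }
    section = ""
    for raw in log_text.splitlines():
        line = raw.strip()
        if not line:
            continue
        m = SECTION_RE.match(line)
        if m:
            section = m.group("key")      # remember which registry key we are under
            continue
        if line.lower().endswith("\\autorun.inf"):
            findings["autorun_inf_deleted"].append(line)
            continue
        lowered = section.lower()
        if "security center" in lowered:
            m = DWORD_RE.match(line)
            if m and int(m.group("value"), 16) == 1:
                findings["security_center_overrides"].append(m.group("name"))
            continue
        if "firewallpolicy" in lowered and line.startswith('"EnableFirewall"= 0'):
            findings["firewall_disabled"] = True
            continue
        if "mountpoints2" in lowered:
            m = SHELL_CMD_RE.match(line)
            if m:
                volume = section.rsplit("\\", 1)[-1]   # drive letter or volume GUID
                findings["autorun_handlers"].append((volume, m.group("verb"), m.group("target")))
            continue
        m = SERVICE_RE.match(line)
        if m and m.group("rest").rstrip().endswith(("[x]", "[?]")):
            findings["orphan_drivers"].append(m.group("name"))
    return findings


def indicator_count(findings):
    """Number of indicator categories with at least one hit."""
    return sum(1 for v in findings.values() if v)


if __name__ == "__main__":
    result = triage(SAMPLE_LOG)
    for key, value in result.items():
        print(f"{key}: {value}")
    print("indicator categories hit:", indicator_count(result))
```

The orphan-driver and mountpoints2 hits are what a helper would act on first: a service entry pointing at a random-named .sys that no longer exists, and a volume whose AutoRun and open verbs both launch an executable from a SID-named folder, are the removable-media persistence pattern that the deleted D:\Autorun.inf already hinted at. The Security Center overrides explain why the AV could be switched off without Windows raising a warning.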



Post by wojtas, 03 Apr 2009, 19:03

Do what is described in this topic

Use SDFix. After downloading, run it and it will unpack to C:\SDFix. Start the computer in Safe Mode (F8 at system startup). While in Safe Mode, run the RunThis.bat file from the SDFix folder. Confirm the cleaning with Y. Wait until it finishes and the computer restarts.

Then go to the C:\SDFix folder and paste the contents of the Report.txt file + a ComboFix log, and also post a HijackThis log
wojtas
*mod
Posts: 18165
Joined: 13 Jan 2006, 16:00
Location: Krzeszyce
Praise: 1656



Post by rwid7kidj, 23 Jan 2010, 11:57

Scan with Malwarebytes Anti-Malware using the "Full scan" option. Important! The freeware version has no automatic update option. Post the scan report.
rwid7kidj
~user
Posts: 30
Joined: 03 Feb 2009, 17:25
Location: C:\Program Files
Praise: 1



